Let’s face it. Systems Admins have their work cut out for them!
We’ve posted earlier about how hackers get into your systems and steal data from your endpoints, and then how they monetize this stolen information. If you have thousands of unsecured mobile endpoints on your network, it means there are equal numbers of opportunities for hackers to breach your constituents’ information.

As a savvy IT pro, you understand that all of your machines must have the most up-to-date security patches — both OS and application — to prevent intrusion. Still, you might be wondering if there is even more you can do to uncover holes in the armor of these endpoints. The answer is decidedly yes! There are vulnerability standards available that can help advance the goal of vulnerability detection. Scanners built upon these standards can give you predictable results, and they are continually updated as the user community at large discovers more vulnerabilities.

One of the most well-known is the Open Vulnerability and Assessment Language (OVAL®). Before the advent of OVAL, there wasn’t a common way for IT administrators to find all software vulnerabilities, configuration issues, programs, and/or patches on their endpoints. Sure, you can and should use a patching tool to make sure all OS security patches are addressed. But, that is only part of the story. With OVAL there is a standard repository for vulnerability tests that is continually updated by the community. The community reviews and vets new definitions before they are added to the repository.

At the heart of the community is the OVAL Board which consists of members from industry, academia, and government organizations. OVAL is funded by the office of Cybersecurity and Communications at the U.S. Department of Homeland Security and is the summation of the efforts of a broad selection of security and system administration professionals from around the world.

Often, the question arises: can’t hackers use this information to break into my system? Certainly, any public discussion or availability of vulnerability and configuration information may help a hacker. However, there are several reasons why the benefits of OVAL outweigh its risks.

OVAL Benefits

OVAL is restricted to identifying publicly known configuration issues and associated vulnerabilities.

OVAL definitions help users determine the presence of vulnerabilities or configuration issues on systems before they can be exploited.

You must have root-level or system administrator access to actually employ the vulnerability information in an OVAL definition.

The detailed technical information about vulnerabilities or configuration issues made available in OVAL definitions reduces the need for releasing exploit code to the public.

So if you truly want to decrease your exposure to outside threats, you can be proactive by performing vulnerability scans. Doing them based on OVAL definitions gives you the knowledge that the entire security community has your back.

For all 365 days of the year, they have to ensure that performance, uptime, resources, and security of computers managed meet the needs of users. And yet, for all Systems Admins do, they have just one day where they are celebrated for their hard work.

In our effort to show how much we appreciate Systems Admins, we decided we should get to know them better. And what better way to get to know them? Well, why not a Q&A!

Q1: How do you celebrate System Admin Appreciation Day or what does the day mean to you?

Casey M. “I send meme/nerd based thank you notes to my fellow Sys Admins. I see it as a day to look back at all the great (and often unnoticed) work that has been done during the year and a chance to offer ourselves a well-deserved thanks.”

David A. “It is a great reminder about the responsibility a System Admin has. It is definitely worth some donuts on that day.”

David H. “Work”

Keith J. “I like to sign in as a user and send myself positive emails praising the speed and reliability of the system.”

Q2: How has your work changed in the last year as a System Admin?

Chryss C. “More systems to manage, less resources to manage them with.”

Kimberly S. “I think I attended more meetings this past year than I ever have!”

Timothy S. “I have more grey hairs. Does that count?”

Q3: What is the strangest thing you received a call about as a System Admin?

Bob W. “Wow… That would be a long list. I think one of my favorites was I got a call saying a printer had an error that said "Please Add Water" and the user asked where the water goes. Turned out that a student got into the printer settings and changed default messages so the printer was just out of paper.”

David H. “I got a help desk ticket one day to fix the toilet in the restroom”

Edward G. “As I work in Higher Ed, the strangest would be this: on Labor Day several years ago, someone called the main help desk number and requested me by name. This was not someone that I knew. The question asked was, ‘Do we have classes today?’”

John K. “A woman kept calling the IT Helpdesk phone number after hours and leaving messages thinking we were her psychiatrist. I figured she would figure out on her own she was calling the wrong number, but she didn’t. I had to call the woman back and fortunately she didn’t answer and I left a voicemail indicating that the doctor she is trying to reach is not at this number.”

Q4: How many cups of coffee do you have before you’re ready to tackle the day?

Clare T. “One large cup.”

Missy M-B. “At least 2.”

Sarah M. “Don't you mean how many pots?”

Casey M. “None. Soda on the other hand...”

Q5: What’s your favorite geek movie of all time?

Damien C. “Scott Pilgrim vs The World”

Jeff H. “Tron!!”

Keith B. “Star Wars, Guardians of the Galaxy lately”

Rob O. “Office Space”

Q6: If you had a comic book hero name, what would it be?

Cindy K. “Microwoman”

Bob W. “Captain Awesome”

John K. “Batman”

Tony V. “Fantasmo”

Q7: Who shot first, Han or Greedo?

Bradley B. “Han”

Edward G. “I would have to check the script”

Kimberly S. “Greedo”

Peter A. “Han of course! How dare you.”

Your Turn!

Now let's get to know you! Comment below or tweet @DellSysMgmt with your answer to any of the above questions!

The fundamentals of systems management have changed. IT professionals like you are now faced with managing and securing a growing number of mobile and bring your own devices (BYOD), a variety of operating systems and network connected smart devices, in addition to traditional endpoint management tasks. You must approach “anypoint” systems management as an imperative, and Dell KACE appliances and complementary software can fill this need.

Attend Dell World Software User Forum and address these challenges head on by getting direct access to “anypoint” management experts through a broad selection of KACE educational sessions. In these sessions, you’ll see some of the newest and most popular KACE features and capabilities.

We’re targeting software pros like you who want to up their game by enhancing their KACE appliance use and knowledge, while exploring the added benefits of the wider Dell Software product portfolio. You should come ready to be immersed in the future of “anypoint” systems management. You’ll learn about the latest trends in big data and cloud management, advanced analytics, and the ins and outs of secure network access.

The Agenda Builder is now live, so once you’ve registered, you can create a personalized Dell World Software User Forum experience.

Featured and favorite KACE sessions include:

KACE Roadmap

Do you want to get a peek at what's around the corner with KACE? Listen to KACE product managers talk about the roadmap ahead and what's coming with KACE products. This session is consistently an attendee favorite. It allows you to learn about and plan for the implementation of upcoming key KACE features and enhancements.

Managing Chromebooks

Chromebooks are entering business and education at an unprecedented rate. Chromebook inventory information is now integrated with the K1000’s systems management workflows and processes, allowing you to use the K1000 to perform day-to-day management tasks, such as hardware inventory, reporting, and service desk, for Chrome devices. Attend this session and learn how to best manage them with your K1000.

Increase Security with an Effective Patch Process

Patching might have been the easy part...designing a sustainable patch management system with integrated automation and reporting is your real challenge. In this session, you'll learn best practices and different approaches to streamlining all the patching security tasks that are critical to your organization.

“Anypoint” Systems Management: Managing All of Your Connected Devices

The K1000 can manage more than just your laptops, desktops, Macs and servers. In this session, we'll demonstrate how to get your other network-enabled devices into your device inventory using agentless technology, for true "anypoint" systems management.

We’ve recently discussed how trends such as the Internet of Things and mobility have affected IT security. We’ve also touched on ways that more thorough measures can be implemented to rise to the challenges they create. But what about your role as the IT professional in the face of these burgeoning security challenges? Not only do you need to understand these new challenges, you must also implement the safeguards. How will you need to shift your focus to survive and thrive in a new world of security-obsessed organizations?

The change to the security landscape also means real change in how your organization protects that infrastructure.

There are many more points for intrusion including web services, cloud access and storage, BYO and mobility, making it virtually impossible for any single individual or group of individuals to monitor every possible point of entry. “Today's WAN has so many doors, we can no longer expect to have a security specialist standing guard at each one,” says Jay G. Heiser, research director at Gartner.

Likewise, what used to be the wheelhouse of the security IT specialist — implementing firewalls, installing anti-virus software and implementing other perimeter controls — has become more of a commodity-oriented task, one that is often now handled by administrators, consultants, and even end users themselves.

That means you can be relieved of some of the operational burdens previously placed upon you. But instead, you must develop new skills that empower your organization and your users to implement intrusion prevention as an integral part of their everyday practice. Instead of investing time addressing problems that have known solutions, your focus should shift to the new problems brought about by greater levels of connectivity and portability. This should include a better understanding of your organizations' risk profiles, in addition to information security.

Some modifications in both thinking and approach for the evolving IT security pro should include:

Making security more of a business issue than a technology one, and promoting a security mindset that involves the entire organization, not just the IT department

Moving beyond managing devices to managing vendors and consultants

Educating all end users on information risk and security safeguards to minimize unintentional missteps

Setting policies that align with organizational culture and technology, and then communicating them thoroughly

“Security professionals have so much to offer in providing value and increasing profit through a more mature risk management process,” says Jeff Spivey, international vice president of ISACA and director of Security Risk Management Inc. “Change management, culture, monitoring of risk, mobility and BYOD all demonstrate the accelerated pace of risk due to new and better technologies. The secret is in establishing the correct framework to understand and manage new and evolving risk to the enterprise.”

In our last post, we talked about the Internet of Things, and how the addition of multiple new smart devices to your network can result in more opportunities for hackers to hijack your data and use it for ill-gotten gain. We all try to be vigilant to protect personal data belonging to our employees, customers, patients and other constituents, but what happens when the crooks get a hold of this type of information — what do they actually do with it and how do they make money? And what kind of data is most valuable to them? The logic and businesslike approach of their techniques might surprise you.

Selling the information on the black market:

Cybercriminals today work in large groups and many of the largest, most complex networks have skills and technology resources that rival Fortune 500 companies, according to Greg Wooten, CEO of fraud prevention technology corporation SecureBuy.

"In general, about a half a million data resources are being breached each day," he says. "The hackers extract the data, house it themselves and analyze it using analytics to match up information the best that they can and then monetize for the highest value possible when they go to wholesale it. This is a job for them, and they are very resourceful."

The data is bundled for bulk sale on black market sites, with prices varying depending on multiple factors, including the completeness of the information, the credit limits associated with the account and whether or not the information may already have been reported as stolen. This information can be sold for as little as a few dollars or more than $100 for a complete set of records.

Create fake cards:

For larger return from stolen information, the hacker needs to compile complete data sets. These sets, also called fullz, normally include not just an individual's name and Social Security number, but extend to birthdate, account numbers and other pieces of personal data. Here, all that’s needed is the information contained on the credit card’s magnetic strip, a form factor still in use in the US, unlike in most European countries. It’s a relatively simple process to read and transfer the information, but security measures are improving. These instances are typically time sensitive, requiring the thief to incur charges on the card before it is reported lost or stolen.

Perform online commerce transactions:

Another example of card fraud is the use of e-commerce sites such as eBay and Craigslist to make online transactions, using an intermediary to receive and ship the item purchased with the stolen card. Once purchased, the item is relisted for sale at a below market price, with a direct wire transfer as the only accepted form of payment. With the intermediary receiving a small kickback, the transaction is difficult to trace, the criminal’s identity is protected and the profit is all theirs.

Open new accounts:

The more personal information a fraudster can collect, the more thorough and covert damage they can do. Using this information, criminals can open accounts of virtually any nature using the stolen information – accounts which may go undetected for extended periods of time.

"It's much more difficult to detect this type of fraud when the fraudsters have all the correct account application answers," Wooten says. "Having access to a full user profile makes it that much easier to pretend you are someone else and take advantage of them."

In a previous post, we covered some critical components of a security strategy that helped IT pros keep their jobs by preventing a security breach. We discussed topics like configuration management and enforcement, patching, and threat detection as just a few of the ways organizations can take basic security steps to avoid the nasty consequences we see in the news nearly every day. In the next few posts, we’ll drill a little deeper into some related topics that are truly shaking up the security landscape from the standpoint of added challenges and new ways organizations are both coping with and being compromised by malicious attacks.

Internet of Things

The Internet of Things (IoT) has burst on the scene, first in the consumer world, and increasingly in corporate environments. A thing, in the Internet of Things, can be an individual with a medical monitor, any type of unit with a tracking or monitoring sensor, or a smart business device; it is virtually anything that can be assigned an IP address and connected to the network. And according to Cisco, there will be 25 billion devices, or things, connected to the Internet in 2015, with that number predicted to double by 2016.

So here lies the rub for organizations of all types, many still struggling to address the challenges of effective device management and security in the world of mobility and the BYO phenomenon. With the advent of the IoT, you as an IT administrator must inventory, manage, maintain and secure any number of new, heterogeneous devices. This is in addition to your traditional managed devices, over which you have corporate control of applications and operating systems. And while these new devices are designed to share critical data to empower the workforce, their innate design also offers up a greater opportunity for attack.

Altering the IT Security Landscape

How so? To enable an internet connection, every device must have an operating system embedded in its firmware. Unfortunately, this firmware is not designed to run security software, and opens the devices to new opportunities for exploitation. Organizations must understand the extra security challenges brought on by this litany of connected smart devices:

Accurate inventory of all connected devices must be maintained

Many security management functions for IoT devices cannot be instigated over the network

All network devices are open to such attacks as distributed denial of service—the reality is more devices = more opportunities

Patching of firmware can be difficult and take much longer than with its software counterpart

Endpoint configuration enforcement and password management for IoT devices can be challenging

All of the above add to the existing IT management task list, as well as the complexity of overall systems management and security

It’s clear that the IoT is here to stay and will grow exponentially as more smart devices enter both our personal and business lives. In order to keep your IT environment well managed and as secure as possible, this added layer of complexity and its protection must be given a well-considered risk/reward evaluation, and be added to the macro level schema for the implementation of all broadened endpoint security initiatives.

In earlier blogs, I’ve explained how important it is for systems management solutions to save educational institutions time and money and enhance student learning by keeping devices secure and available. But what about the systems management solutions themselves? With limited IT staff and budget, educational institutions need tools that are easy to deploy and use and that will continue to deliver value as the institution grows — without requiring increased headcount.

Florida’s Seminole County Public Schools, for example, was very concerned about ease of installation and maintenance when it began looking for a comprehensive systems management solution. Some vendors, the district found, proposed solutions that would have required IT staff to install, configure and maintain multiple servers. Moreover, some products had multiple components that needed to be integrated, making the solution much tougher to deploy district-wide. These choices were simply too complex and expensive to maintain, the district decided.

These sentiments are echoed by many other schools and colleges, including the San Bernardino County Superintendent of Schools (SBCSS) in California, which was looking for an integrated solution to replace the seven different products it was using to perform inventory, imaging and remote system management. To support 33 school districts across 22,000 square miles, SBCSS needed to be able to install images remotely and with as little manual work as possible, as well as identify and remove malware and unauthorized software when affected machines join the network. Ease of use and automation in systems management, the district knew, were critical to supporting its educational mission and growing digital curriculum.

More broadly, educational institutions also need the flexibility to implement systems management in a way that best fits their environment — physical, virtual or in the cloud. They also need a simple plug-and-play architecture that virtually eliminates installation and maintenance, along with support for a broad range of operating systems and applications.

To learn about how organizations like yours have discovered and implemented systems management solutions that are designed to be both immediately productive and trouble-free for the long term, be sure to read our new solution brief.

In the wake of the recent OPM cyber breach, federal CIO Tony Scott recently announced a 30-day “Cybersecurity Sprint” requiring agencies to immediately take steps to improve protection of federal information and resilience of federal networks.

Tony Scott’s initiative comes following the latest battles in the ongoing cyberwar against the United States government and an alarming increase in cyber threats. In fact, a February 2015 report issued by the U.S. Government Accountability Office (GAO) found that over the past eight years, incidents reported by federal agencies to the U.S. Computer Emergency Readiness Team (U.S. CERT) have increased by 1,121 percent, reflecting 67,000 reported incidents in 2014.

The use of the word “sprint” signifies that the CIO is utilizing a methodology designed to deliver results fast. At the same time, the Cyber Sprint encompasses a wide range of critical cybersecurity elements, recognizing the need for holistic security and an active, rather than reactive, security posture. This presents agencies with a significant challenge, but one that they have the resources to address.

Within the confines of the Cyber Sprint, agencies must address four critical security efforts:

As a part of the Cyber Sprint, agencies will now be required to immediately report any evidence of malicious cyber activity. Real time reporting is essential for quick remediation of cyber incidents. Luckily, today’s next-gen firewalls, coupled with insight into abnormal network activity enabled by robust identity and access management (IAM) approaches make these capabilities possible and give agencies a head start on their sprint. Dell SonicWALL offers next-gen firewalls that can correlate and present data from servers, network switches and firewalls.

Patch critical vulnerabilities without delay

Cyber criminals often have advanced resources available for cyber exploits, yet the vast majority of cyber intrusions take advantage of easily identifiable – and easily remediated – vulnerabilities. With the right tools in place, this is a simple element of the Cyber Sprint. Dell can identify and deploy patches for endpoints and servers and also provide updated virus signatures and deep packet inspection through next generation firewalls. Dell’s KACE systems management appliances enable rapid and effective patch management across heterogeneous enterprises of all sizes.

Tighten policies and practices for privileged users

Privileged users often hold the keys to the kingdom when it comes to sensitive government data. The Cyber Sprint seeks to mitigate this potential threat by limiting and controlling privileged user access. Additionally, Tony Scott has stressed the importance of tightening policies for privileged users. Privileged account management tools can help tighten these policies without prohibiting necessary access. Dell’s privileged account management offerings allow agencies to control the resources available through privileged accounts, while also controlling, monitoring and producing reports on the activities of these individuals. Dell is the only vendor that offers solutions in each area detailed by Gartner in its Privileged Account Management Market Guide.

Internal threats have been recognized as a critical security concern, often providing intruders with easy access to sensitive data. Multi-factor authentication provides an additional line of defense against external bad actors posing as qualified insiders – one that has been mandated by government for the past decade through Homeland Security Presidential Directive-12 (HSPD-12). Dell can provide hardware and software tokens for multi-factor authentication and help agencies integrate existing multi-factor authorization infrastructures with modern as well as legacy applications. Dell’s Defender multifactor authentication solution requires no dedicated server and can authenticate against already-in-place Active Directory infrastructure, facilitating this step for agencies in a hurry to get to the finish line.

Get on your mark and get ready for the sprint - Dell stands ready to help federal agencies achieve the cybersecurity improvements with which they’re tasked. Learn more about Dell’s end-to-end security offerings here: http://software.dell.com/solutions/security/.

Many educational institutions are working hard to improve the educational experience by adopting digital curricula. For that strategy to be successful, the devices that the curricula run on must be highly available, performing well and safe. Achieving those goals can be difficult, especially when you have to manage thousands of Windows, Apple Mac and Linux desktops, laptops and tablets, along with a fast-growing inventory of Chromebooks and other devices, all running a large number of different applications. And let’s not forget how bring your own device (BYOD) initiatives add user-owned devices to the mix.

For example, Seminole County Public Schools in Florida, one of the largest school districts in the United States, has built an impressive inventory of 20,000 desktops and 10,000 laptops to enable its digital curricula, and it invested in three different point solutions to help manage those machines. Nevertheless, the district’s IT team lacked the insight they needed to ensure that the machines had proper software updates and security patches, putting the digital curricula at risk of unplanned downtime.

Far away in California, the San Bernardino County Superintendent of Schools (SBCSS) faced similar challenges to its digital curriculum, despite having not just three but seven point solutions for systems management. The district’s small IT team supports 33 school districts across 22,000 square miles, so some sites are four hours away from hands-on help. Since the district lacked remote management tools, some users faced weeks of downtime before IT staff could resolve issues with their machines — a huge roadblock for any digital curriculum. Moreover, the district lacked a way to proactively recognize and remove malware or unauthorized software in the environment, putting online learning at further risk.

Negative approach? Maybe. But if you are the person in charge of ensuring your IT network and systems are buttoned up from all manner of malicious intruders, sometimes clueless users and a growing world of creatively uncovered and exploited vulnerabilities, your job could literally be on the line with a single network security breach. We’ve all read the news – enough said.

And if you are that guy or gal, you probably (even hopefully) have taken the basic steps to protect your systems and your data. If you haven’t gotten to all of these safeguards, you had better get out your “to do” list pronto, or at least update your resume.

What then, are the basic steps? Let’s tick off the most frequently implemented and readily available security safeguards:

Antivirus Software – once considered the only line of defense, it’s imperative that this is in place, current and enforced on all of your managed endpoint systems.

Firewalls – no longer just for larger organizations, next gen firewalls offer new technologies for providing added protection and peace of mind, and they can be both affordable and easy to manage.

Proactive Threat Detection – scans such as OVAL and SCAP can put you ahead of the curve in finding and remediating security holes in your IT endpoints.

Patching – you are patching your operating systems and applications regularly, correct? If not, this is the starting point for eliminating vulnerabilities using the latest versions of software available.

Data Encryption – security from the data level to the cloud is today’s ***, so make sure you start with endpoint data encryption for a solid defense for lost or stolen devices.

But what about today’s more sophisticated threats?

Consider the number of operating systems you are now slated to secure, the number of BYO devices that are a normal part of your organization’s operation in the form of smartphones, tablets and even wearable devices, and the Internet of Things, not to mention added entry points in the cloud, on social networks and via web services — your list quickly grows beyond basic safeguards to the increasingly complex.

Are you aware of such new trends as predictive analytics, full lifecycle threat analysis and how to integrate these with comprehensive systems management for improved security? If it sounds like another “to do” list is on the horizon, you are right. But it’s a necessary one.

Want to learn more? We’ll be covering these topics in an upcoming live web event featuring IDC analyst Chris Christianson and an expert from the Dell Software security team. We’ll be discussing both security basics, as well as the latest in security considerations for holistic, practical implementations that will help you keep your job. Register now and join us on June 25.